How do you create a system that’s resistant to aggressive environments without any additional protection?

Alexander Vinyavsky
Technology Evangelist

There is a phenomenon called Peto’s paradox. Its basic idea is this: it seems obvious that the more cells an organism has, the more likely it is to have harmful mutations. According to this logic, the probability of diseases associated with cell mutations (for example, cancer) should be proportional to the size of the animal (and, accordingly, the number of cells in it). But this is not the case: mice and humans have about the same risk of getting cancer, but elephants, for example, have a much lower risk.

Why does this happen? The fact is that some animal species have developed special mechanisms during the course of evolution that are highly resistant to cancer. For example, an elephant has 10 times more copies of a gene in its DNA capable of fighting the spread of mutated cells than a human. As a result, elephants, despite their size, rarely get cancer.

Vulnerabilities of monolithic kernel systems

Curiously, this story about the number of cells, cancer and genes is very similar to how modern software and hardware systems are being made more resilient to external cyberthreats.

Most systems today use an operating system with a so-called monolithic kernel, which contains millions of lines of code. For example, the Linux kernel has about 35 million lines of code, and the Windows kernel has about 70 million lines. According to statistics, there is an average of one error for every two thousand lines of code. That’s about 17,000 errors for the Linux kernel and 35,000 for the Windows kernel.

OSNumber of lines of code in the kernelEstimated number of errors
Linux35 000 00017 500
Windows70 000 00035 000
According to statistics, there is one error for every 2000 lines of code

Each of these errors can be exploited by criminals. Just as elephants would not have survived evolution without special mechanisms to prevent the development of mutations, so technical systems with an OS based on massive monolithic kernels would not have been able to cope without additional protection. Such protection exists of course — for example, antivirus — but it doesn’t protect against all evils.

It turns out that technical systems running operating systems based on huge monolithic kernels remain vulnerable to cyberthreats. Peto’s paradox doesn’t apply here: the larger the system, the greater the risk of “getting sick”.

Solution — a microkernel OS

OS security problems can be solved in a different way: microkernel-based operating systems, containing just a few dozen thousand lines of code, are increasing in popularity. They are three to four times less likely to cause harmful “mutations” (i.e., code errors), so they are resistant to the outside environment and require no additional security measures.

Both living organisms and technical systems tend to encounter fundamental problems and contradictions during the evolutionary process. And while the solutions to these problems may differ between living and non-living things, the problems themselves are similar in many ways. Perhaps the producers at National Geographic could be persuaded to film a few episodes about modern software development — they’d be just as fascinating as those devoted to wildlife.

You can read more about microkernels in my recent interview with Andrey Naenko, Head of KasperskyOS development. In the video we talk about what microkernel operating systems are, how and why they appeared, and discuss their performance and prospects for development.